HIGHCVE-2026-22192Published 2026-03-13Modified 2026-04-22CNA VulnCheck

CVE-2026-22192: Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.

CVSS v4.0: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Voltronic Power / SNMP Web Pro
1.1

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

References

github.com
boffsec-services.com
voltronicpower.com
vulncheck.com

Metrics